CERT-In Issues Alert On APK Malware Fraud Used By Cybercriminals To Steal Financial Data Via Fake E-Challan & Bill Alerts

CERT-In has warned of a malware scam where cybercriminals send fake e-challan or bill alerts with APK files. Once installed, the app steals financial data, reads SMS and captures OTPs for unauthorised transactions. Users are advised not to install apps from unknown sources and avoid clicking suspicious links.

Somendra Sharma Updated: Tuesday, March 31, 2026, 08:55 PM IST
Central Emergency Response Team (CERT-In) has issued an alert regarding an APK file malware fraud used by cyber-criminals. | Representational Image

Mumbai: Central Emergency Response Team (CERT-In) has issued an alert regarding an APK file malware fraud used by cyber-criminals. Cybercriminals are using fraudulent e-challan and bill alerts to lure victims into installing a malicious application file. Once installed, this application functions as a multi-stage dropper malware designed to compromise the device, steal sensitive financial information, and facilitate unauthorised transactions.

Fake E-Challan & Bill Payment Messages Used as Bait

The campaign usually begins with victims receiving a message about an unpaid e-challan or an update on a gas bill payment. The message includes an APK file or a URL to download the malware. Upon installation, the application shows up in the App Drawer. This is only the initial dropper; the actual malware is dropped upon tapping "Install Update".

Upon tapping "Install Update", the actual malware is installed on the victim's device. This second app does not show up in the application list of the phone, and it asks the user for several dangerous permissions such as access to SMS and phone calls. It also seeks permission to run in the background. This allows the attacker to persist on the victim's device without the knowledge of the user.

The malware also asks the user for permission to create a VPN connection. This enables the attacker to monitor the internet traffic from the victim's device. These malicious APKs are designed to steal user credentials, mainly for financial transactions, using fake screens. By the time the user enters the details, the malware already has permission to read SMS messages, so the OTP messages are sent to the attacker's server.
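For analysts triaging a suspicious APK, the behaviours described above can be checked against the app's manifest. The following Python sketch is an added example, not part of the CERT-In alert: it assumes the manifest has already been decoded to text XML, and its mapping of behaviours to standard Android permissions, as well as the sample manifest, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours named in the article -> standard Android permissions.
# This mapping is an assumption of the example, not CERT-In's own list.
BEHAVIOURS = {
    "reads SMS / OTPs": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "phone call access": {P + "READ_PHONE_STATE", P + "CALL_PHONE", P + "READ_CALL_LOG"},
    "runs in background": {P + "RECEIVE_BOOT_COMPLETED", P + "FOREGROUND_SERVICE",
                           P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "installs another APK": {P + "REQUEST_INSTALL_PACKAGES"},
}

def triage_manifest(xml_text):
    """Return the article's behaviours that a decoded manifest makes possible."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = [label for label, perms in BEHAVIOURS.items() if requested & perms]
    # A VpnService must be declared with the BIND_VPN_SERVICE permission.
    if any(s.get(ANDROID + "permission") == P + "BIND_VPN_SERVICE"
           for s in root.iter("service")):
        findings.append("can create a VPN")
    # Without a LAUNCHER intent category the app has no icon in the app drawer.
    categories = {c.get(ANDROID + "name") for c in root.iter("category")}
    if "android.intent.category.LAUNCHER" not in categories:
        findings.append("hidden from app list")
    return findings

# Constructed sample manifest (not taken from any real APK).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".Tunnel"
             android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("flag:", finding)
```

Each flag on its own is common in legitimate apps; it is the combination of SMS access, a VPN service and no launcher icon in an app delivered by message that matches the pattern in the alert.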

Dos & Don'ts

Do not install APKs received via WhatsApp, SMS, Telegram or random websites.

Keep "Install from unknown sources" disabled on the Android phone; enable it only if absolutely necessary and from trusted sources.

If anyone receives any suspicious message, delete it immediately, block the sender and do not forward this message to friends or family.

If you have already installed the malicious APK, disconnect mobile data/Wi-Fi, go to Settings -> Applications and uninstall the suspicious applications immediately. Run a trusted mobile antivirus scan. Change passwords/UPI PIN and check bank statements for unauthorised transactions.

Be cautious before granting dangerous permissions such as access to SMS, Contacts, Phone, Camera, Microphone, Storage to any application.

"Google Play Protect" should be enabled on the Android device. Never enable Accessibility Services for unknown or unverified apps.

Do not browse untrusted websites or follow untrusted links, and exercise caution before clicking on a link provided in any unsolicited email or SMS.

Install and maintain updated antivirus and antispyware software.

Citizens may report any cybercrime/financial frauds to the National Cyber Crime Reporting Portal website, www.cybercrime.gov.in, or call the Cyber Crime Helpline number: 1930


Published on: Tuesday, March 31, 2026, 08:55 PM IST
